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DISTRIBUTION SYSTEM WITH AUTHENTICATION 
FIELD OF INVENTION 

The present invention relates to distribution systems, particularly those in 
which the delivery of goods / services can be authenticated as to their integrity 
5 or condition of delivery. In one particular, but not exclusive use, the present can 
be used to verify or authenticate the distribution and use of software via a 
relatively insecure environment. 
BACKGROUND 

The distribution of software via insecure and untrusted channels is a risk 
1 0 factor when using open, public or untrusted network. 

A complementary risk stems from ensuring that remotely operated 
software is operating in an unaltered manner, including all internal functions 
and internal data values. 

These risks apply particularly to Internet commerce, but include all other 
15 arenas where the recipient of information sourced or processed remotely 
requires assurance that the information is protected in a known manner. 
SUMMARY OF INVENTION 

An object of the present invention is to provide a system, method and / or 
device which can check the integrity of software distributed over an at least 
20 partially insecure network. 

To this end, the present invention provides a system for distributing goods 
and / or services over a medium which is at least partially insecure, the system 
including: 

a means for establishing an Integrity Check Value (ICV), 
25 storage means associated with the distribution of the goods and / or 

services, and 

comparison means evaluating whether the goods and / or services after 
distribution have the same ICV as the goods and / or services before 
distribution. 

30 The present invention also provides a method of distributing one or more 

copies of a goods and / or services based product, the method including the 
steps of: 
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determining a unique identification (Ul) value for the product, 
determining an ICV 
encrypting the ICV 
storing the ICV at a first location 
5 recalculating the ICV in a manner determinable from both the first location 

and the product, 

distributing a copy of the product to a second location remote from the first 
location, the distributed product having associated with it the recalculated ICV, 
and 

1 0 comparing the ICV of the distributed product with the ICV known to the 

first location. 

The encryption of the ICV may be based on the product and/or the 
Unique Identifier (Ul). 

Furthermore, the present invention provides a mechanism to distribute 
15 and use software in an insecure environment with relatively assured integrity 
and operation. 

The present invention stems from the realisation that distribution 
verification and authentication can be provided by 'attaching', associating and / 
or incorporating an Integrity Check Value (ICV) or some form of identification 
20 discernible only by the distributor and the distributed product to each product or 
service so distributed. 

In one form, the present invention enables software programs to be 
distributed to remote locations via any channels, including untrusted 
transmission networks, with the relative assurance that the received software 
25 has not been altered or modified in any manner. 

The present invention describes a method and apparatus to distribute 
software programs via insecure distribution means with the ability to assure the 
integrity of these programs, both on first installation and all subsequent use of 
the program. 

30 Programs may be distributed by electronic means in public, open or 

private networks, or by inclusion on storage media. 

The present invention discloses a method and apparatus to verify that the 
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program(s) have been installed in an unaltered state, or as in the intended 
manner of the program's creator, to a central (or trusted) server. 

A method and apparatus is also specified to enable said programs to 
prove integrity to a central (or trusted) server, via untrusted networks, upon 
5 activation and at any subsequent time. 

A consequence is that remotely located programs, possibly operating in 
untrusted environments, can be relatively assured they operate in the approved 
or desired manner, such approved manner may include ensuring that the 
program, or the user of the program, is communicating with the network entity 
10 (server) they intend to, while the network entity (server) can be relatively 
assured that the remote program operating in a known manner. 

Each distributed copy of a program may be individually and uniquely 
identified. 

Usage of individual copies of programs may be monitored. 
15 The time, date and frequency of use of individual programs may be 

monitored for signs of abnormal or undesirable usage patterns. 

The program may refuse to perform further operations unless integrity has 
been verified by the central (or trusted) server. 

Individual copies of programs which operate to or through a. central 
20 service server may be disabled remotely by setting a validity indicator at the 
central (or trusted) server to a "false" value. 

A preferred embodiment of the present invention will now be described 
with reference to the accompanying drawings, in which: 

Figure 1 illustrates one form of the distribution and initial validation, 
25 Figure 2 illustrates one form of subsequent validation, 

Figure 3 illustrates one form of Validation request, 
Figure 4 illustrates one form of validation approval, and 
Figure 5 illustrates in schematic form an apparatus for implementing the 
validation of the present invention. 
30 Although the ensuing description deals with software, it should be 

appreciated that the present invention also has application to other goods / 
services, such as, but is not limited to, copyright material, security functions used 
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for e.g. financial services over open or insecure n tworks and subscription 
services where consumption of services require verification and monitoring. 

In this embodiment, assume that software programs are distributed from a 
central location, and contain a unique identification (not necessarily a serial 
5 number) (Ul) value. This value can be embedded in the file or program, making 
the file or program a binary unique sequence. 

By the use of cryptographic hashing techniques, each copy of the 
software therefore has a cryptographically unique hash value (Integrity Check 
Value or ICV). 

10 A database containing the unique identification values and 

corresponding hash values can also be maintained at a central site. 

As the specific copy of the software is activated, the hash value is re- 
calculated in a specific manner known to both the software and the central site. 
The result of the received hash calculation / recalculation is electronically 
15 communicated to the central site, and validated against ICV entries in the 
database. If the validation is successful, the program can continue to operate as 
intended. 

It is also possible, once a positive on-line validation has occurred, to 
extend the process, dependent on application requirements, to embed a new or 

20 derived Unique Identifier (Ul). This could occur at initial distribution verification, 
or by updating the program at each "logon" to a central or validation server (VS). 
Subsequent validations would thus produce a "rolling" ICV, enabling 
unauthorised copies of a program to be identified should logon with an unrolled 
and therefore incorrect ICV occur 

25 If, for example, the software has been corrupted or tampered with during 

or following its distribution or subsequent installation, the software will produce 
a result, within the limits of the chosen hashing algorithm, which is a different 
ICV to that known or expected by the central site, and hence the validation 
should fail. In that event, the use of that software can be terminated or the copy 

30 deleted or rendered otherwise unusable by a suitable means or command. 

Commonly, this validation will occur during the initial installation of the 
software, and / or on subsequent use of the software. This ensures that software 
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has a chain of authentication from initial installation and preferably through each 
use of the program. 

Typically, the result of the calculated hash value will be included in every 
transaction, message or communication session generated by the remote 
5 software program. This may be used to provide an audit log of software usage, 
supplementing audit logs of user activity, which is uniquely linked to both the 
specific copy of the software program and every resulting transaction. 

The operation of the present invention involves either one or two distinct 
phases. 

10 These phases are the initial distribution of the software program with 

integrity, and validating the program integrity with ongoing use. 
Download Integrity Mechanisms 

Four exemplary techniques are described to ensure software integrity 
during the download/install phase. These are: 
15 D1 Distribute the software with a unique identification value embedded by 
the distributor. 

D2 Distribute the software as an identical copy of a "master version", and 
distribute the unique identification value by another channel, to be 
embedded at time of installation by a trusted tool distributed with the 
20 software. 

D3 As with D1 above, with the addition of a challenge/response step. 

D4 As with D2 above, with the addition of a challenge/response step. 

D5 As with D3 or D4, with the inclusion of an offset pointer to be used in the 
ICV calculation process. The offset may be calculated in any 
25 deterministic manner which value could be a function of, or incorporate 

the Ul value. 

D6 As with D3 and D4 but with the inclusion of a direction indicator to 
indicate the direction of program data through the ICV calculation 
process, e.g. from start-of file to end of file or alternatively from end of file 
30 to start of file. 
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D7 As with D6 but with the inclusion of an offset pointer for use with the ICV 
calculation. The offset may be calculated in any deterministic value and 
be a function of, or incorporate the Ul value. 

An example of Challenge/Response, in this instance, might be a process 
5 whereby the Validation Server (VS), (or some VS agent which makes the data 
known to the VS), issues some, e.g. date/time dependent, random and 
recorded, data to the software requesting validation. The data could then be 
included in the ICV (integrity check value) calculation and (VAL_REQ) message, 
sent to the validation server. The server is capable of calculating the modified 
10 request ICV and whether it is returned within a valid time frame etc. If the VS 
challenge is responded to correctly within the set parameters, than a VALJDK 
message may be issued. 
Some Operational Integrity Mechanisms 

Exemplary techniques might be, but are not confined to: 
1 5 V1 The ICV or validation value is a simple hash of the executable file. 

V2 The ICV is the result of hashing the executable file by use of a pre- 
calculated offset point in the file as the start of the input to the hash 
calculation process and continuing until the entire program has been 
used in calculating the ICV hash value. This offset pointer may be based 
20 upon the unique identification value, a fixed pointer chosen by the 

programmer, or determined in some other manner. 
V3 As with V1 , with the inclusion of an initialisation value. The initialisation 
value is included with the program file in the ICV calculation process. 
The initialisation value is originated by either the Validation Server or the 
25 program itself and communicated between the two locations to allow use 

in duplicate calculations at both locations. 
V4 As with V2 above, with the inclusion of an initialisation value, originated 
by either the Validation Server or the program itself. The initialisation 
value is included with the file in the hash calculation process. The 
30 initialisation value is originated by either the Validation Server or the 

program itself and communicated between the two locations to allow use 
in duplicate calculations at both locations. 
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V5 A combination of V2 and V4. The offset pointer is calculated in a manner 
which includes the initialisation value. The initialisation value is included 
in the ICV calculation process. The initialisation value is originated by 
either the Validation Server or the program itself and communicated 
5 between the two locations to allow use in duplicate calculations at both 

locations. 

V6 As with V2, with the addition of a direction indicator. The ICV is based 
upon the program file, an offset pointer and a direction flag. The ICV is 
the hash result from the direction that the program file is processed in 
10 (e.g. towards the End Of File or towards the Start Of File) and the offset 

pointer. 

V7 As with V6, with the inclusion of a initialisation value. The initialisation 
value is originated by either the Validation Server or the program itself 
communicated between the two locations to allow use in duplicate 
1 5 calculations at both locations. 

The hashing process is well known to those skilled in the art. The 
hashing process selected should be robust and fit for purpose. Example of 
hashing processes which might be employed are, (but not confined to), e.g. the 
NIST:-Secure Hash Standard, or the MD series of algorithms 
20 Simplified Diagram of Distribution and Initial Validation Process 

This description refers to figure 1 and presumes the Distribution Server 
performs both distribution and validation functions. This is not necessarily the 
case, since these two functions may be performed in separately or by separate 
systems. 

25 The Distribution Server possess the Public and Private Key components 

of an Asymmetric Encryption algorithm. A Symmetric algorithm and process 
could be used, in addition to or as an alternative. 

The Master Copy of the program is distributed with the unique identifier 
(Ul) and the Public Key of the Distribution Server (PKDS). The Ul may be 
30 embedded at time of distribution or embedded later by a trusted process. 

The Distribution Server calculates the Integrity Check Value (ICV) from a 
copy (identical image) of the distributed Master and stores both the Ul and ICV 
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into the Validation Database. 

When the remote location receives the program, the installation process 
occurs, which concludes with the received program being subjected to the same 
calculation process as used at the Distribution Server, to achieve a recalculated 
5 ICV. 

The recalculated ICV and Ul are sent to the Distribution Server, encrypted 

by PKDS in a Validation Request (VAL_REQ) message, see figure 3. 

On receipt at the Distribution Server, a Private Key is used to recover the 

ICV and Ul. The Ul and received ICV components are then compared against 
10 the values calculated at time of distribution. By necessity, the ICV values are 

transmitted in encrypted form. The encryption process uses Public Key methods 

to protect the Ul and ICV values from eavesdroppers. It is not necessary, in all 

cases, to transmit the Public Key, since this may be known within a closed 

network, or distributed by other means. However and alternatively, the VAL_OK 
15 message may be accompanied by a Public Key certificate. The most 

appropriate implementation should be determined by the application 

requirements or some affiliated standard. 

If the stored and recalculated values match, the database entry for this 

specific copy of the program is updated to reflect the successful validation. 
20 Otherwise, the database entry is flagged as invalid. The program is also 

notified, by means of a Validation Successful (VAL_OK) message, see figure 4. 

Simplified Diagram of Subseque nt Validation Process 

Referring to figure 2, when the remote location activates the program in 

response to some use action or automatic stimulus, the program may use the 
25 same calculation process used at the Verification Server, to achieve a 

recalculated ICV. 

The recalculated ICV is sent to the Validation Server in a VAL_REQ 
message, where it is compared against the values calculated and validated, at 
the time of distribution. Again, the Ul and ICV values are encrypted by Public 
30 Key methods, to prevent other parties correlating the two values, and creating 
software which may masquerade as valid software. 
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If the stored and recalculated values match, the program is notified of this 
fact by th us of a digitally signed VAL_OK (effectively a "ticket of authenticity") 
message which allows the program to proceed with processing information in 
accordance with the capabilities included by the program author. The digitally 
5 signed "Ticket of Authenticity" can in fact be validated by any entity possessing 
the Public Key of the Validation Server (PKVS). The digital signing of the Ticket 
of Authenticity is effected by using the protected and secret key of the validation 
server (SKVS), at that server. The technique, using asymmetric cryptography, is 
well known to those skilled in the art. 

10 The Validation and Distribution Servers are shown as different systems, 

but in practice, it is likely that they will be different functions of the same system. 
If the Validation and Distribution Servers are different systems, then all 
distributed programs must contain appropriate public keys (i.e. PKDS and 
PKVS) to achieve the necessary secure communication paths required for 

15 software validation. 

The program, once validated, may then communicate, with time 
correlated authenticity, to other systems in the electronic network, provided the 
digitally signed VALJDK message is transmitted along with the request for 
connection on the remote network device. 

20 Referring to figures 3 and 4, the Program Sequence Identifier (PSI) 

assists in preventing replayed validation request messages. 

The Validation Server Sequence Identifier (VSSI) further assists in 
preventing replayed validation request messages. 

The Date/Time stamp (DT) enables any recipient to determine when the 

25 program was last validated. The recipient of a message or transaction 
containing a VAL_OK component may then make a valued decision on the 
validity of the software generating the message, and therefore the reliability 
which may be placed on the specified transactional data within the message. 
The recipient of such a message may also check the authenticity of the VALJDK 

30 components by reference to the digital signature on the VAL_OK or by reference 
to the Validation Server. 

An initialisation vector is, referring to Figures 3 and 4, a value to be 
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common to both the software or device under registration and the registration 
entity (validation server). The value is used in the process of calculating the ICV 
and therefore preferably should occur on a "one time only" basis. This will 
ensure that each validation is unique in content and cannot be replayed etc. An 
5 initialisation vector value might be derived from, (but is not confined to), e.g. the 
serial number of the device or software, a transaction counter or a date/time 
stamp. The nett result being a value used to derive a one time token of 
authenticity for the ICV calculation. 

Referring to Figure 5, a schematic illustrates a means of implementing the 
10 present invention. In the figure, reference numerals denote: 

1. The Software Module: The goods/services or program being assured 
through this process. 

2. ICV Calculation process: The process that calculates the ICV value, 
using a Hash Function and other optional processing steps, which may 

1 5 include use of an Initialisation Value or other token, an offset pointed, and 

direction flag. 

3. Direction Flag or indicator: Which may be used to indicate the 
direction to process the Software Module in calculating the ICV. The 
Direction Flag, or indicator, will indicate to process from Start of File to 

20 End of File, or from End of File towards Start of File. Typically, this will be 

determined from the Ul and optionally, other values such as IV. 

4. Initialisation Value: An instance or program specific value which may 
be used in calculating the ICV. 

5. Offset pointer: A value which may be used as to indicate an offset start 
25 point for processing the Software module as it is processed for ICV 

calculations. Typically, this will be determined from the Ul and optionally, 
other values such as IV. 
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THF CLAIMS DEFINING THE INVENTION ARE AS FOLLOWS : 



1. A system for distributing goods and / or services over a medium which is 
at least partially insecure, the system including: 

a means for establishing an Integrity Check Value (ICV), 
storage means associated with the distribution of the goods and / or 
services, and 

comparison means evaluating whether the goods and / or services after 
distribution have the same ICV as the goods and / or services before 
distribution. 

2. A system as claimed in claim 1, in which the established ICV is stored in 
the storage means, and is incorporated or attached to the distributed goods and 
/ or service. 

3. A system as claimed in claim 1 or 2, in which the goods and / or services 
are software based. 

4. A system as claimed in claim 3, in which the comparison means 
evaluates the ICV at a time proximate installation of the software. 

5. A system as claimed in claim 3 or 4, in which the comparison means 
evaluates the ICV at or during use of the software. 

6. A system as claimed in any one of claims 1 to 5, in which the ICV in which 
ICV is established based on the Ul and the program data. 

7. A method of distributing one or more copies of a goods and / or services 
based product, the method including the steps of: 

determining a unique identification (Ul) value for the product, 
encrypting, calculating and encrypting the ICV, based on the product and 
the Unique Identifier (Ul), 
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storing the ICV at a first location 

recalculating the ICV in a manner determinable from both the first location 
and the product, 

distributing a copy of the product to a second location remote from the first 
location, the distributed product having associated with it the recalculated ICV, 
and 

comparing the ICV of the distributed product with the ICV known to the 
first location. 

8. A device adapted to perform the method as claimed in claim 7. 

9. A method, apparatus, or system as herein disclosed. 
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